what about socks support?

Dan Kaminsky dankamin at cisco.com
Sun Mar 11 13:24:17 EST 2001


> Is there any plan to add socks 4 or socks 5 support to openssh like
> the original ssh developed in finland??

There's a longstanding war over this.

Essentially, SSH->SOCKS support generally demands:

1) Nasty library dependencies
2) Inflexibility (which SOCKS protocols?  Which auth methods?  etc.)

I will probably be able to work around the former problem (guys, have you
*seen* how trivial SOCKS4 is?  Er, don't read the spec, it's wrong.)--but
the latter issue is indeed problematic.  Nobody wants to bulk up SSH with
83945798435 different authentication methods.

There are presently two solutions available:

1) Use a general purpose socksifier.  In this context, there's a wrapper
that makes *any* app SOCKS capable.  The Dante daemon has one; I believe the
C Bouncer author has written another.  There's also of course the stuff out
of NEC.

2) Use ProxyCommands.  I don't know the syntax offhand (it's quite ugly and
isn't particularly usable, sorry everyone), but it's related to:  ssh -o
ProxyCommand [arbitrary connector].  The idea is that an external Proxy
application gets one an 8-bit path to the SSH daemon--then the SSH client
takes over.  I'm attaching a 7K app that was written to do this for SOCKS.

There might be better solutions available in future versions of OpenSSH, but
for now these are what's available.

Yours Truly,

    Dan Kaminsky, CISSP
    http://www.doxpara.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: connect.c.gz
Type: application/x-gzip
Size: 7071 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010310/7b74ba24/attachment.bin 
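
The SOCKS4 CONNECT handshake that a ProxyCommand connector would run before handing the byte stream to the SSH client, as an added C example; it is not part of the original message and is not the scrubbed connect.c attachment. It follows the commonly documented SOCKS4 message layout, and the function names are assumptions chosen for illustration.

```c
/* Added example: SOCKS4 CONNECT handshake; function names are hypothetical. */
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>

/* Request layout: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL.
 * Returns the request length, or 0 if ipv4 is not a dotted quad or the
 * buffer is too small. SOCKS4 carries no hostnames, only IPv4 addresses. */
size_t socks4_build(uint8_t *buf, size_t cap, const char *ipv4,
                    uint16_t port, const char *userid)
{
    struct in_addr addr;
    size_t ulen = strlen(userid), need = 8 + ulen + 1;
    if (need > cap || inet_pton(AF_INET, ipv4, &addr) != 1)
        return 0;
    buf[0] = 4;
    buf[1] = 1;
    buf[2] = (uint8_t)(port >> 8);      /* port in network byte order */
    buf[3] = (uint8_t)(port & 0xff);
    memcpy(buf + 4, &addr.s_addr, 4);   /* already network byte order */
    memcpy(buf + 8, userid, ulen + 1);  /* copies the terminating NUL */
    return need;
}

/* Reply is 8 bytes: VN=0, CD, 6 ignored bytes. Returns 0 if granted
 * (CD 90), the CD code (normally 91-93) if refused, -1 if malformed. */
int socks4_parse_reply(const uint8_t *reply, size_t len)
{
    if (len != 8 || reply[0] != 0)
        return -1;
    return reply[1] == 90 ? 0 : reply[1];
}

/* Runs the handshake on an fd already connected to the proxy. Once this
 * returns 0 the fd is a transparent byte pipe to the destination. */
int socks4_handshake(int fd, const char *ipv4, uint16_t port, const char *userid)
{
    uint8_t req[264], reply[8];
    size_t n = socks4_build(req, sizeof req, ipv4, port, userid), got = 0;
    if (n == 0 || write(fd, req, n) != (ssize_t)n)
        return -1;
    while (got < sizeof reply) {        /* reply may arrive in pieces */
        ssize_t r = read(fd, reply + got, sizeof reply - got);
        if (r <= 0)
            return -1;
        got += (size_t)r;
    }
    return socks4_parse_reply(reply, got);
}
```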

